docs: module dossier + install/quickstart sync for truthful cutover sprints

- API_CLI_REFERENCE.md, INSTALL_GUIDE.md, quickstart.md, architecture/integrations.md, dev/DEV_ENVIRONMENT_SETUP.md, integrations/LOCAL_SERVICES.md: reflect real-service wiring.
- docs/modules/**: module dossier updates across the modules touched by SPRINT_20260415_001..007 + SPRINT_20260416_003..017 + SPRINT_20260417_018..024 + SPRINT_20260418_025 + SPRINT_20260419_026.
- docs/features/checked/web/**: update feature notes where UI changed.
- docs/qa/feature-checks/runs/web/evidence-presentation-ux/: QA evidence artifacts.
- docs/setup/**, docs/technical/**: align with setup wizard contracts.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

docs/modules/router/architecture.md

@@ -315,6 +315,7 @@ Request ─►│ ForwardedHeaders        │
 - route must be configured with `PreserveAuthHeaders=true`, and
 - route prefix must also be in the approved passthrough allow-list configured under `Gateway:Auth:ApprovedAuthPassthroughPrefixes`.
 - local frontdoor configs approve `/connect`, `/console`, `/authority`, `/doctor`, `/api`, `/policy/shadow`, and `/policy/simulations` so live policy compatibility endpoints can preserve DPoP/JWT passthrough without broadening unrelated routes.
+- Gateway DPoP replay protection is durable in non-testing runtime: `StellaOps.Gateway.WebService` resolves `IDpopReplayCache` through messaging idempotency (`valkey` in compose, `postgres` when configured) and only permits `InMemoryDpopReplayCache` under the explicit `Testing` environment. When `Gateway:Auth:DpopEnabled=true` and no durable messaging idempotency backend is configured, the host fails fast instead of silently falling back to process-local replay state.
 - Tenant override attempts are logged with deterministic fields including route, actor, requested tenant, and resolved tenant.
 
 ### Connection State